Effective access resolved across your profiles, permission sets and permission set groups, roles, public groups, queues, sharing rules, org-wide defaults, and field-level security, with relationship-derived and implicit sharing rolling out.
Who Sees What
Salesforce access & permission auditor
See exactly who can access what in Salesforce, and why.
Who Sees What reads your Salesforce access configuration and tells you who can reach a record or field and the precise grant that allows it. It is the access-visibility foundation of the Digadop security family.
How access is computed
Every layer that decides access, resolved into one answer
What it does
Key capabilities
The exact grant behind any access, not just that someone has it, with a plain-language "why" for every result.
Three views: People (who can and cannot see something), Fields (who sees each field), and Risks (a prioritized exposure scan).
Code and automation risk scan that flags Apex, Flows, and Visualforce that bypass declared access.
Cross-object formula-field leak detection, catching sensitive values exposed indirectly through related objects.
A one-click "verify as this user" check, plus inactive-user analysis and internal-versus-external labeling.
A ready-made question gallery and Horton, the in-app assistant, so anyone can ask in plain language or run an audit by chat.
Multiple connected orgs with one-click switching, and cross-org comparison on Enterprise.
CSV export and audit history: save a scan and re-run it later to see what changed.
Engineered to be safe to connect: read-only today via Salesforce OAuth, per-tenant isolation, and no AI used on the audit itself. It never modifies your org and does not read your business field values; for a record-specific audit it reads only the record name, ownership, and sharing metadata needed to explain access.
Who it is for: Salesforce admins, security, and compliance teams who need a defensible answer to "who can see this?"
See a real answer
A defensible answer, with the exact reason
QWho can see the Acme Corp opportunity, and why?
- Dana LeeOwns the record
- Sales Managers (12 people)Role hierarchy above the owner
- Revenue Ops (4 people)Sharing rule: "Ops sees all open deals"
- Priya ShahMember of the "Deal Desk" public group, granted by a sharing rule
Illustrative example. Who Sees What reads only the record name, ownership, and sharing metadata needed to explain access. It never reads your business field values.
How it works
From connect to answer
Connect your org with Salesforce OAuth, production or sandbox. No managed package to install.
Pick an object, record, or field, or just ask Horton in plain language.
Get the effective access in under five minutes: who can see it, who cannot, the exact reason, and a prioritized list of exposure risks.
Export the evidence as CSV, or save the audit and re-run it whenever the org changes.
Maturity
What is live, and what is coming
Available now
- The full access audit, the People / Fields / Risks views, and per-record "why".
- Code and automation risk scan, formula-field leak detection, and verify-as-user.
- Question gallery, the Horton assistant, CSV export, and audit history.
- Editions: a free trial, Who Sees What Professional, and Who Sees What Enterprise.
Coming soon
- Enterprise programmatic access (a REST API and an MCP server) and "what changed over time" / permission-simulation questions, in development.
- Lynceon, the security layer (remediation, continuous monitoring, posture, and threat detection), as a separate product, coming soon.
Trust
Engineered to be safe to connect.
Read-only today
Connects through Salesforce OAuth and never modifies your org.
Your data stays yours
Per-tenant isolation, and it does not read your business field values, only the metadata needed to explain access.
No AI on the audit
The access audit itself uses no AI. The optional Horton assistant uses AWS Bedrock only to answer typed product questions.
See Who Sees What in your org.
Part of the Digadop platform: one security and data model across the family.